Information Technology Division, Commonwealth of Massachusetts Before the

Subcommittee on Financial Services and Technology, of the

Committee on Banking, Housing and Urban Affairs, United States Senate

October 28, 1997

Mr. Chairman, thank you for the opportunity to
testify today on the topic of "federal legislation to authorize and
govern the use of electronic authentication technology by financial
institutions and other entities." The Commonwealth of Massachusetts has
an active electronic commerce policy agenda. General information about
our policies is available on the Internet at www.state.ma.us/itd/legal.
The Commonwealth has worked hard with other states to craft policies
that are consistent, constructive and timely at a state level. The
Commonwealth advocates a collaborative effort at the state and federal
levels to coordinate law and policy for electronic commerce within
existing jurisdictional domains of our respective levels of
governments.

Principles for Federal Electronic Commerce Legislation in 1997. At this point in time, federal law should:

1. Amend federal barriers to commerce, such as laws requiring writing on paper and signatures in ink

3. Preempt state law only to the extent necessary to abolish new taxes or burdensome regulatory schemes

4. Follow general practices in trade rather than attempt to define or jump-start markets though regulation

5. Promote a competitive marketplace that is not legislatively biased toward any technology or product

One of the key reasons for today�s hearing is the
perception that state government actions in the realm of electronic
commerce have been conflicting and are therefor tempting targets for
federal preemption. While states should be given due deference as
sovereign partners in our system of federalism, the Commonwealth is not
against preemption when the national interest is threatened by undue
burden to interstate commerce. Development of a healthy electronic
commerce marketplace is clearly in the national interest. The
Commonwealth is on record in favor of the Internet Tax Freedom Act.
This Act would place a moratorium on new state taxes focused on the
Internet. New burdensome regulation or taxation of electronic commerce
at a state or federal level is a singularly bad idea at this important,
embryonic phase of market development. Such action risks chilling
innovation and growth. In the case of the Internet Tax Freedom Act, the
urgency is clear. Does the national interest require federal action,
including preemptive action, in the general area of electronic
authentication as well?

As documented in a recent study by the Internet Law
and Policy Forum, [1] states are achieving consensus on non-regulatory,
enabling legislation that would create legal equivalency between paper
and computer records. Unlike the area of new tax laws related to the
Internet, state laws relative to electronic authentication are already
gravitating toward pro-market elimination of legal barriers to
electronic commerce. However, the first state to adopt such legislation
opted for a regulatory approach and two states followed.[2] Though
regulatory, these statutes are permissive in nature. That is, the
regulation applies to companies that are "licensed" under the statute
and licensing is voluntary. Only companies that chose to be licensed
will be regulated and there is no legal impediment to unlicensed
companies. Though there are minor differences in the regulatory
requirements among these three states, no conflict would arise unless a
given company deliberately chose to become licensed and regulated under
more than one state (companies not seeking state regulation would chose
to be licensed by no state). The statutes even take care to provide
that electronic signatures created by unlicensed companies or different
technologies can remain valid under other applicable statutes and by
common law. [3] Since no real conflict exists between state laws and no
new regulation would be foisted upon electronic commerce, it can be
concluded that federal preemption is not called for in the area of
electronic authentication.

Why would federal legislation be needed to authorize
and govern the use of electronic authentication? First, there is a
large body of federal statute, regulation and case law that assumes
communication methods that have since been overtaken by technology and
related modern business practice. These so-called "quill pen" laws
often require communications to be "written on paper" or "signed in
ink" in order to be valid legal documents. Such laws often act as
impediments to otherwise sound and desirable electronic commerce
activity and they should be repealed or amended immediately.

In Re: Kaspar,[4]
the recent Tenth Circuit case, revealed an all to typical example of
the need for such federal legislative reform. In this case, the court
ruled modern technology and business practices were not sufficient to
create a "writing" under the Bankruptcy Act and therefor a debtor would
have otherwise valid debt discharged. [5] In sum, the court ruled that
a computer record of a false financial statement that a debtor caused
to be made by a creditor who relied on the statement, did not qualify
as "writing" under the bankruptcy statute. With a veritable mission
statement for Congress, the decision concluded with the following:

"We note with some wryness that in this instance the
law lags behind technology and custom, but that gap is a subject which
must be addressed to the Congress and not the courts. We will not
undertake to rewrite the express language of a statute merely to
accommodate the commercial conveniences attributable to modern
technology."

To the extent that federal law prohibits electronic
records and electronic authentication systems due to quill pen laws,
then it is clear that new federal law is in fact needed to eliminate or
reform these antiquated bodies of law. . Unfortunately, this is typical
in both state and federal law. The Massachusetts General Laws alone
provide for some 4,515 separate writing or signing requirements States
are in the process of reforming our quill pen laws. The National
Conference of Commissioners on Uniform State Law (NCCUSL) is drafting a
Uniform Electronic Transactions Act and other efforts that generally
make electronic media legally equivalent to paper media.

Substantive bodies of state law are intimately
involved with these law reform projects, including contract law,
commercial law, rules of evidence and other areas. While several states
have already adopted non-regulatory, broad enabling legislation along
these lines, the NCCUSL efforts will assure greater uniformity. At this
stage, federal and state policy makers should coordinate efforts at law
reform in our respective jurisdictions to assure the creation of a
consistent and predictable base-line legal treatment of electronic
records and authentication. Coordination and communication would have a
greater chance of achieving a long term, solid national legal
infrastructure for the information age than would quick attempts at
federal laws that delve into substantive areas of state jurisprudence.

It is my understanding that today�s hearings relate
directly to draft Technical Amendments to the Bank Protection Act of
1968. Based upon my 9/15/97 draft of this proposed legislation, I offer
the following observations:

Proposed new section 6 (a)(2) provides: "Where
financial institutions have entered into agreements regarding the use
of electronic authentication or where financial institutions establish
banking, financial or transactional systems using electronic
authentication, such establishment and use of electronic authentication
pursuant to this Act shall be permitted and shall be valid according to
the relevant agreements or system rules." To indicate by federal
statute that such an agreement "shall be valid" goes to far. Important
bodies of state contract law, for instance, could be contravened. What
if the agreement were made under duress, or by a minor, or involved an
illegal purpose? What if the agreement would breach specific state
consumer protection laws? Under Principle 1, the comfort sought by such
language should be achieved by removing known federal barriers to such
agreements and working with states to remove any remaining state
barriers under state law in a consistent manner with federal law.

Proposed new section 6 (b) (2) provides: "No
financial institution shall - (i) be regulated by, be required to
register with, or be certified, licensed or approved by, or (ii) be
limited by or required to act or required to act or operate under
standards, rules or regulations promulgated by, a state government or
agency or instrumentality thereof, with regard to use of electronic
authentication, including acting as a digital certificate authority or
performing a similar role pursuant to this Act. Further, no state shall
impose a fee with respect to such electronic authentication services .
. . nor shall any state . . . otherwise limit the fee that may be
charged by a financial institution with respect to such electronic
authentication services subject to the provisions of this Act." Again,
it goes to far to attack and eliminate the basis of existing state
regulation of business under our jurisdictions merely because
electronic methods are used.

As the nation and the world move into the information
age, such methods will be used ubiquitously by business. Would the
drafters suggest that state government under our Constitution should
cease to exist in the digital age? If not, then it must be admitted
that states will continue to exercise sovereign and prudent judgement
regarding the uniform application of our jurisdictions � including
certain aspects of electronic authentication. For example, whether a
party signed a contract can go to the heart of state contract law,
commercial law and our administration of justice under our rules of
evidence. These are not matters for federal law. Virtually all global
commerce in the USA today takes place in a state and we have not yet
ground trade to a halt � notwithstanding reports of state�s inability
to create consistent predictable law.

Proposed new section 7 provides: "(a) Nothing in this
Section 6 (a) above shall impair the rights afforded consumers under
the provisions of the Truth in Lending Act, as amended, or the
Electronic Funds Transfer Act, as amended, or the implementing
regulations of the Federal Reserve Board thereunder applicable to
electronic funds transfers from a consumer account or extensions of
credit to consumers. (b) Nothing in Section 6(a) of this Act shall
impair rights afforded to consumers under general consumer protections
laws." This language requires further precision as to the definition of
"general consumer protection laws." What does the word "general" mean
in this context? Is this different from specific consumer protection
law? For example, the Commonwealth has provisions of a state Fair
Credit Reporting Act and an Electronic Funds Transfer Act that provide
greater consumer protection than do their federal counterparts. Would
these provisions survive? What other state consumer protection law is
included here?

Mr. Chairman, I wish to convey a message from the
state point of view that encourages federal action to remove barriers
to electronic commerce but that stops short of harming the market
through new federal regulation or by intruding on existing and
important areas of state commercial jurisprudence. The recent American
Bar Association statement on "States' Role in Developing Digital
Signatures Policies and Standards" remarked that government at all
levels should develop coordinated "economic development policies [that]
specifically promote electronic commerce in the private sector." [6]
Electronic commerce generally, and electronic authentication systems
specifically, cut across state and federal jurisdictions and we should
work together to create the appropriate policy environment.

States are working though a number of organizations
to coordinate our policies.[7] It is my hope that the states and the
federal government will be able to cooperate on creating a policy
framework and national legal base line to assure electronic
authentication practices are legal, sound and market-based. Mr.
Chairman, again, I appreciate your invitation to testify today. If my
office can be of any assistance to you as your Subcommittee continues
to work on these matters, please do not hesitate to contact us. Thank
you.

Footnotes:

1. See Survey of State Electronic & Digital Signature Legislative Initiatives at http://www.ilpf.org/digsig/digrep.htm.

3. For example, section 401 of the Utah Digital
Signature Act provides that �nothing in this chapter precludes any
symbol from being valid as a signature under other applicable law such
as Utah Uniform Commercial Code section 70A-1-201(39).� Under the
common law, any symbol executed or adopted by a party with a present
intent to be bound by or to authenticate a record will suffice to
create a legal signature. This fact has lead some commentators to
advocate little or no new legislation, because it is felt that courts
will correctly interpret writing and signature requirements to include
new technology media, unless a statute is directly on point to the
contrary.

4. Available at www.tiac.net/biz/danielg/kaspar.htm

5. 11 U.S.C. 523 - Exceptions to discharge, states, in part, in (a)(2)(B):
(a) A discharge ... of this title does not discharge an individual debtor from any debt --
(2) for money . . . an extension, renewal, or refinancing of credit, to the extent obtained by --
(B) use of a statement in writing --
(i) that is materially false;
(ii) respecting the debtor's or an insider's financial condition;
(iii) on which the creditor . . . reasonably relied; and
(iv) that the debtor caused to be made or published with intent to deceive....

6. Statement by the Legislative and Policy Work Group of
the Information Security Committee of the American Bar Association.
7.31.97 available at: http://www.abanet.org/scitech/ec/isc/stateds.html

7. A list of relevant organizations and initiatives will be available by November 10 at www.state.ma.us/itd/legal.